{"vulnerability": "CVE-2024-2334", "sightings": [{"uuid": "0028525d-efd2-4aea-96b4-92b164dd9240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigyn5dv2h", "content": "", "creation_timestamp": "2025-04-16T21:02:24.108203Z"}, {"uuid": "fe7ab77c-a362-45b1-bc1e-f56759979ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmteau4rtd2g", "content": "", "creation_timestamp": "2025-04-15T05:36:42.705285Z"}, {"uuid": "f1a144f2-c39a-42cd-979b-a88b252bf95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9362", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is an exploit for chemistry Hack the Box machines that automates a \\\"terminal\\\" enviornment using CVE-2024-23346\nURL\uff1ahttps://github.com/MAWK0235/CVE-2024-23346\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-09T22:36:23.000000Z"}, {"uuid": "038c8bc4-bdb9-4d22-9905-308918591de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/writeup_ctf/321", "content": "\u0421\u0434\u0435\u043b\u0430\u043b \u0440\u0430\u0439\u0442\u0430\u043f \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u0442\u0430\u0447\u043a\u0443 \u0448\u0435\u0441\u0442\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 hackthebox (Chemistry Season6).\n\u0418\u043b\u0438, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442 YandexGPT \"\u0420\u0435\u0448\u0438\u043b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u043e \u0445\u0438\u043c\u0438\u0438 HTB\" \n\n\u0418\u0437 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0433\u043e, \u0432 \u0442\u0430\u0447\u043a\u0435 \u0431\u044b\u043b\u0430 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 CIF (Crystallographic Information File) - CVE-2024-23346\n\u0438 LFI \u0432 aiohttp - CVE-2024-23334. \n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0435 \u0448\u0430\u0433\u0438 \u043f\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044e \u0442\u0430\u0447\u043a\u0438 \u0442\u0443\u0442:\nhttps://pentestnotes.ru/ru/writeups/hackthebox/chemistry-htb-writeup/", "creation_timestamp": "2024-10-21T16:17:28.000000Z"}, {"uuid": "84475602-2b44-4f76-b114-15ad773d2705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45234", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC exploit and vulnerable server demo for CVE-2025-1302 in jsonpath-plus.\nURL\uff1ahttps://github.com/DAVIDAROCA27/CVE-2024-23346-exploit\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-07-24T18:23:12.000000Z"}, {"uuid": "6dbea6fa-127b-4dec-b6b5-65bc7a664dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\ud83d\udccf Published: 2024-02-22T09:48:20.873Z\n\ud83d\udccf Modified: 2025-03-28T19:39:55.576Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg\n2. http://www.openwall.com/lists/oss-security/2024/02/22/2", "creation_timestamp": "2025-03-28T20:28:55.000000Z"}, {"uuid": "f79cc2cf-135c-4afd-836b-7646fb8e0d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8937", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-02T19:43:36.000000Z"}, {"uuid": "a6dea491-5e7f-4f28-87bb-66d8ec783ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23344", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23344\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.\n\ud83d\udccf Published: 2024-02-06T15:58:19.781Z\n\ud83d\udccf Modified: 2025-05-09T16:26:14.004Z\n\ud83d\udd17 References:\n1. https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w\n2. https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42\n3. https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42\n4. https://tuleap.net/plugins/tracker/?aid=35862", "creation_timestamp": "2025-05-09T17:25:56.000000Z"}, {"uuid": "8ce73b08-dd61-43b0-a240-44fbd6574e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T20:57:53.000000Z"}, {"uuid": "ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "Telegram/iNFvofcejHT1UJTcFqWUlfDrh8sGhUnP2aFNlTJXmorFBwHU", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "f3af3972-82df-4d4f-a723-ce2c8f29e5ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23342", "type": "seen", "source": "https://t.me/arpsyndicate/4721", "content": "#ExploitObserverAlert\n\nCVE-2024-23342\n\nDESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2024-23342. The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.\n\nFIRST-EPSS: 0.000760000\nNVD-IS: 5.2\nNVD-ES: 2.2\nARPS-PRIORITY: 0.7087238", "creation_timestamp": "2024-04-19T13:38:47.000000Z"}, {"uuid": "73a55c0c-c170-4169-a50a-3ff5ce6e8da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/arpsyndicate/4023", "content": "#ExploitObserverAlert\n\nCVE-2024-23346\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23346. Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.", "creation_timestamp": "2024-02-22T19:51:58.000000Z"}, {"uuid": "d2904502-510d-4ed9-9f70-5553d4d2c7fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/189897", "content": "https://ift.tt/gnASYcD\nCVE-2024-23346", "creation_timestamp": "2024-02-21T18:31:23.000000Z"}, {"uuid": "5e47f391-815a-4ae5-9e3d-fe7e3061ae47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/206497", "content": "https://ift.tt/7VxrJHd\nCVE-2024-23346 | materialsproject pymatgen prior 2024.2.20 from_transformation_str command injection", "creation_timestamp": "2024-03-13T09:41:26.000000Z"}, {"uuid": "57e47ef4-69c9-4217-9d81-c63c8f3271c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23344", "type": "seen", "source": "https://t.me/ctinow/197488", "content": "https://ift.tt/H0UJSKR\nCVE-2024-23344 | Enalean Tuleap Community Edition prior 15.4.99.140 information disclosure (GHSA-m3v5-2j5q-x85w)", "creation_timestamp": "2024-03-01T10:46:18.000000Z"}, {"uuid": "c91b81f9-8fe3-44dd-aeed-b1ce0f4f4e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23341", "type": "seen", "source": "https://t.me/ctinow/172251", "content": "https://ift.tt/g6tbBns\nCVE-2024-23341", "creation_timestamp": "2024-01-23T19:26:50.000000Z"}, {"uuid": "5e992ec0-a69a-41ad-8e6a-a8deec38b129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23348", "type": "seen", "source": "https://t.me/ctinow/186794", "content": "https://ift.tt/lWktOwo\nCVE-2024-23348 | appleple A-Blog CMS up to 2.8.x/2.10.49/2.11.57/3.0.28/3.1.6 SVG File cross site scripting", "creation_timestamp": "2024-02-17T07:06:50.000000Z"}, {"uuid": "bacabf78-9144-4257-851c-eecf9c87d13e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23341", "type": "seen", "source": "https://t.me/ctinow/186628", "content": "https://ift.tt/FOzWoJC\nCVE-2024-23341 | TuiTse-TsuSin prior 1.3.2 tuitse_html cross site scripting", "creation_timestamp": "2024-02-16T21:21:43.000000Z"}, {"uuid": "e6c64d36-88e6-41f9-99d6-a7bbd5c12474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23345", "type": "seen", "source": "https://t.me/ctinow/186589", "content": "https://ift.tt/hlPrA6W\nCVE-2024-23345 | Nautobot up to 1.6.9/2.1.1 cross site scripting (GHSA-v4xv-795h-rv4h)", "creation_timestamp": "2024-02-16T19:26:26.000000Z"}, {"uuid": "71a484e9-e370-4503-9d32-8072113d5e28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23342", "type": "seen", "source": "https://t.me/ctinow/180322", "content": "https://ift.tt/APlCNnu\nCVE-2024-23342 Exploit", "creation_timestamp": "2024-02-06T21:16:54.000000Z"}, {"uuid": "f6863085-aec8-4a6d-a3ec-5ad6c4ca3577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23340", "type": "seen", "source": "https://t.me/ctinow/171570", "content": "https://ift.tt/2YETKiX\nCVE-2024-23340", "creation_timestamp": "2024-01-23T00:26:37.000000Z"}, {"uuid": "85f4625e-8b69-4e43-b821-d4205a2be8c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23340", "type": "seen", "source": "https://t.me/ctinow/176150", "content": "https://ift.tt/BULJV3M\nCVE-2024-23340 Exploit", "creation_timestamp": "2024-01-30T18:17:16.000000Z"}, {"uuid": "2a41ee52-584f-48b5-ad4a-c241f5f7fa95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/189911", "content": "https://ift.tt/gnASYcD\nCVE-2024-23346", "creation_timestamp": "2024-02-21T18:36:14.000000Z"}, {"uuid": "19ce8ea6-83eb-4aab-8c3e-93c62e4c44c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23347", "type": "seen", "source": "https://t.me/ctinow/180084", "content": "https://ift.tt/1Ad0tTu\nCVE-2024-23347 | Meta Spark Studio up to 175 Project package.json resource injection", "creation_timestamp": "2024-02-06T16:11:30.000000Z"}, {"uuid": "218c6fbc-9839-4c7d-9353-254dbe4f9795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23349", "type": "seen", "source": "https://t.me/ctinow/190639", "content": "https://ift.tt/FmsXBza\nCVE-2024-23349", "creation_timestamp": "2024-02-22T11:27:01.000000Z"}, {"uuid": "4d278d19-cfbb-4be6-b342-602ccb5c2a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23349", "type": "seen", "source": "https://t.me/ctinow/190633", "content": "https://ift.tt/FmsXBza\nCVE-2024-23349", "creation_timestamp": "2024-02-22T11:26:51.000000Z"}, {"uuid": "5ebab250-58cc-48e3-9e9d-ab622af2f11c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23344", "type": "seen", "source": "https://t.me/ctinow/180160", "content": "https://ift.tt/H5V4D7M\nCVE-2024-23344", "creation_timestamp": "2024-02-06T17:31:57.000000Z"}, {"uuid": "5256adb3-13ee-4b78-91dc-77c61d1e9872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23348", "type": "seen", "source": "https://t.me/ctinow/171863", "content": "https://ift.tt/bf7YaOc\nCVE-2024-23348", "creation_timestamp": "2024-01-23T11:21:34.000000Z"}, {"uuid": "323c7892-4a15-410c-8adb-dafb75daaefd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23345", "type": "seen", "source": "https://t.me/ctinow/171598", "content": "https://ift.tt/WImcYtH\nCVE-2024-23345", "creation_timestamp": "2024-01-23T01:31:17.000000Z"}, {"uuid": "0829efe1-1bef-466d-8dd2-1fba7fa9b1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23342", "type": "seen", "source": "https://t.me/ctinow/171597", "content": "https://ift.tt/jLmi4WO\nCVE-2024-23342", "creation_timestamp": "2024-01-23T01:31:16.000000Z"}, {"uuid": "08ff308e-aaa9-4c90-a90a-e302d13b1824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23342", "type": "seen", "source": "https://t.me/ctinow/172657", "content": "https://ift.tt/5Og3Vq4\nCVE-2024-23342", "creation_timestamp": "2024-01-24T11:06:50.000000Z"}]}